libcontainer 0.6.0

Library for container control
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

use crate::namespaces::NamespaceError;
use crate::process::channel;
use crate::process::memory_policy::MemoryPolicyError;
use crate::rootfs::device::DeviceError;
#[cfg(feature = "libseccomp")]
use crate::seccomp;
use crate::syscall::SyscallError;
use crate::workload::{ExecutorSetEnvsError, ExecutorValidationError};
use crate::{apparmor, hooks, notify_socket, rootfs, tty, workload};

#[derive(Debug, thiserror::Error)]
pub enum InitProcessError {
    #[error("failed to set sysctl")]
    Sysctl(#[source] std::io::Error),
    #[error("failed to mount path as readonly")]
    MountPathReadonly(#[source] SyscallError),
    #[error("failed to mount path as masked")]
    MountPathMasked(#[source] SyscallError),
    #[error(transparent)]
    Namespaces(#[from] NamespaceError),
    #[error("failed to set hostname")]
    SetHostname(#[source] SyscallError),
    #[error("failed to set domainname")]
    SetDomainname(#[source] SyscallError),
    #[error("failed to reopen /dev/null")]
    ReopenDevNull(#[source] std::io::Error),
    #[error("failed to unix syscall")]
    NixOther(#[source] nix::Error),
    #[error(transparent)]
    MissingSpec(#[from] crate::error::MissingSpecError),
    #[error("failed to setup tty")]
    Tty(#[source] tty::TTYError),
    #[error("failed to run hooks")]
    Hooks(#[from] hooks::HookError),
    #[error("failed to prepare rootfs")]
    RootFS(#[source] rootfs::RootfsError),
    #[error("failed syscall")]
    SyscallOther(#[source] SyscallError),
    #[error("failed apparmor")]
    AppArmor(#[source] apparmor::AppArmorError),
    #[error(transparent)]
    Pathrs(#[from] pathrs::error::Error),
    #[error("invalid umask")]
    InvalidUmask(u32),
    #[error(transparent)]
    #[cfg(feature = "libseccomp")]
    Seccomp(#[from] seccomp::SeccompError),
    #[error("invalid executable: {0}")]
    InvalidExecutable(String),
    #[error("io error")]
    Io(#[source] std::io::Error),
    #[error(transparent)]
    Channel(#[from] channel::ChannelError),
    #[error("setgroup is disabled")]
    SetGroupDisabled,
    #[error(transparent)]
    NotifyListener(#[from] notify_socket::NotifyListenerError),
    #[error(transparent)]
    Workload(#[from] workload::ExecutorError),
    #[error(transparent)]
    WorkloadValidation(#[from] ExecutorValidationError),
    #[error(transparent)]
    WorkloadSetEnvs(#[from] ExecutorSetEnvsError),
    #[error("invalid io priority class: {0}")]
    IoPriorityClass(String),
    #[error("call exec sched_setattr error: {0}")]
    SchedSetattr(String),
    #[error(transparent)]
    MemoryPolicy(#[from] MemoryPolicyError),
    #[error(transparent)]
    Network(#[from] crate::network::NetworkError),
    #[error("failed to verify if current working directory is safe")]
    InvalidCwd(#[source] nix::Error),
    #[error("missing linux section in spec")]
    NoLinux,
    #[error("missing process section in spec")]
    NoProcess,
    #[error("device error")]
    Device(#[source] DeviceError),
    #[error("personality flag has not supported at this time")]
    UnsupportedPersonalityFlag,
}